Hey – Brian here, As we’re gearing up for release tomorrow I wanted to take a second to discuss a recent posting of a security issue to some mailing lists. Matt Murphy, a well known security researcher posted an alert today regarding a “drag and drop” issue affecting Windows. I actually handled this case and worked with Matt. We’ve been working with Matt for quite some time on this issue, and I want to thank him for working with us. We’ve had some long Instant Messenger sessions and E-mail threads...

Hey folks – Craig here taking a step away from the Tuesday release.
So, we've released seven Security Bulletins today. Real quick, I wanted to give you an overview of them.
* MS06-004 only applies to IE5.01 SP4 and is rated as Critical.
* MS06-005 is rated critical and applies to Windows Media Player on Microsoft Windows.
* MS06-006 is rated Important and affects the Windows Media Player plug-in when used with Non-Microsoft Internet Browsers.
* MS06-007 is rated Important Denial of...

Hey folks, Stephen Toulouse here blogging live from San Jose , at the RSA 2006 security conference. First a quick update on the MS06-007 update issue Craig mentioned earlier. This situation is now resolved and customers should be able to get the update. I want to reiterate that the problem had nothing to do with the update itself, you applied it manually from the download center or got it through SUS 1.0 it should install correctly and protect against the vulnerability. But it’s available now for...

Hi folks, Mike Reavey here. Just wanted to point out two new security advisories that we posted late last night.
The first is related to a WMF vulnerability in older versions of Internet Explorer. This is different from the issue addressed by MS06-001 and only impacts older versions of Internet Explorer – if you’re using IE6SP1 or later, you’re protected from this issue. The second is related to a research paper regarding default services behavior that has already been addressed in Windows XP...

Hey folks, Mike Reavey here, I wanted to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release for February. This coming Tuesday, we’re planning to release seven security bulletins, and they are being released for Windows, one for Windows and Office and one for Office. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when they are available on Tuesday. The updates can be deployed and detected...

Many of you may recognize my standard introduction from each month’s Security Bulletin Webcast. My name is Christopher Budd and I’ve been the primary technical presenter for the Monthly Security Bulletin webcast since January 2004.
I’ve recently changed roles a bit and wanted to take a few minutes to introduce myself as you’ll be seeing me on this space more moving forward.
I’m a Security Program Manager working on communications here in the MSRC. Specifically I’m focusing on technical communications...